Updating logged in state when user tries to log in from different browser/system #105
Assignees
Labels
Comments
This was referenced Jul 21, 2016
|
I think this is supposed to be fixed in #71 |
|
Okay, now I understand. Yes, thats an horizontal session scaling issue. Hold on |
|
Do these here as I need to know how claims are working here.
|
|
@thehoneymad , I have followed the 4 steps described by you. Yes the old token can get the same resource. |
|
It is supposed to, thats how claims work. Its definitely a refresh token issue. Please rename the issue accordingly. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
In Facebook and similar websites, when a user is logged in several tabs and he/she logs out from one tab, all other tabs get notified that the user has been logged out and prompts a login dialog.
In taskcat, whether a user is logged in or not is understood by json token. Say user X is logged in in pc1. Now if he login from another pc2, a new json token will be retrieved on behalf of him and the token saved in pc1 will be expired. So all the authorized calls from pc1 will get a 401 error.
The json tokens expired automatically after a certain time, in that case too, the token saved in his browser's local storage will not be applicable in the authorized api call.
Observed Problem
In the above-mentioned scenario, WebCat does not let the user log in and does not show any alert/prompt to log in again. It shows the following error as the access token gets invalid and the user becomes unauthorized.
Also, if a user manually logout and log in again, the api calls keep using the old saved token. If a manual browser refresh triggered, only then the api calls retrieved the latest token from the browser and are able to call the authorized api.
Problem found in http://gofetch.cloudapp.net:8000/#/home
The text was updated successfully, but these errors were encountered: